1. Field of the Invention
The invention relates to an information processing apparatus and control method, in particular, an information processing apparatus and control method that performs communications using an electronic certificate.
2. Description of the Related Art
A variety of encryption technologies are being used to authenticate a party to communications over a network, or to encrypt data that constitutes content of the communications. In particular, an encryption technology known as Public Key Infrastructure, or PKI, has been the most widely used encryption technology in recent years; see, for example, Japanese Patent Laid-Open 2004-007512.
The foundation of PKI is authentication technology that uses an electronic certificate, issued via public key encryption, including but not limited to RSA encryption or a digital signature, and an authentication agent known as a certificate authority, or CA, in order to guarantee a given party's identity.
Using the electronic certificate allows maintaining security of network communications, by performing client-server authentication, an exchange of data encryption keys, and performing an encrypted data communication using the keys so exchanged.
Secure Socket Layer (SSL) and Transport Layer Security (TLS), encrypted communication protocols in common use on the World Wide Web (WWW), perform client-server authentication, using an electronic certificate, prior to commencement of encrypted communications.
At present, the commonly used data format for electronic certificates is based on a standard known as X.509, a digital certificate specification drafted by the International Telecommunications Union (ITU). An electronic certificate in X.509 format is assembled from an X.509 version number, an electronic certificate serial number, public key information, identification information for the certificate authority that issued the electronic certificate, the certificate's expiration date, and identification information for the party being certified, i.e., the recipient of the electronic certificate.
When a CA issues an electronic certificate, data in the format of a Certificate Signing Request (CSR) is sent from the party being certified, that is, the recipient of the electronic certificate, to the CA. The CA issues the electronic certificate in accordance with the content described in the CSR.
A standard known as RFC2986 Internet X.509 Certificate Request Message Format Version 1.7, or PKCS#10, is used for the CSR format. It is typical for the CSR to contain such information as public key information maintained by the recipient of the electronic certificate, and information on the certified party, that is, the recipient of the electronic certificate.
Even if the CA issues an electronic certificate to a printing device or other information processing apparatus, i.e., client, it is necessary for the client to create a CSR containing public key information that it maintains, together with its identification information, and request that the CA issue the certificate.
Consider a situation in which a system is operated that performs such functions as issuing an electronic certificate from a CA to authenticate a client, or to use the electronic certificate to authenticate a client device on an Internet, WAN, or LAN environment. The CSR, namely, the request that the CA issue the electronic certificate to the client, contains identification information on the certified party, that is, the recipient of the electronic certificate, such as a subject field or subject alternative name field in the X.509 format. It is assumed that among the identification information is included such elements as a fully qualified domain name, or FQDN, or an IP address, which are allocated to the client, and that are described as client identification information.
A concrete case of use of an electronic certificate is performing access and processing from a terminal apparatus using such communications protocols as Internet Printing Protocol (IPP) over SSL.
The client is presumed to be a printing device for present purposes. After the terminal apparatus is connected to the printing device, and negotiation, i.e., establishment of an encryption algorithm and client-server authentication, is performed according to SSL protocols, encrypted printing data is transmitted to the print device. An electronic certificate is used in the server authentication process of negotiation.
Once the communication path encryption algorithm is established, the printer device, which is an SSL server, transmits an electronic certificate. The terminal apparatus performs verification of the signature contained in the received electronic certificate, and compares host identification information, including but not limited to the printing device server address, with the printer device identification information, which is contained in the electronic certificate that is transmitted by the printer device. These processes allow authentication for the purpose of identifying device spoofing.
If the printer device's host identification information is altered while the printer device is requesting that the CA issue an electronic certificate, however, the printing device identification information and the host identification information for the CSR and the electronic certificate will no longer match. A similar outcome obtains while using an electronic certificate issued by the CA, as well. In such circumstances, the problem that arises is that device authentication and identification of spoofing attempts cannot be carried out.
There are a particularly significant number of instances in LAN environments wherein an operation is carried out such that no FQDN is allocated to the printing device, while an IP address that is dynamically allocated by a DHCP server is treated as the host identification information. Alterations to the printing device host identification information under such circumstances raises a significant probability of the problem cited above occurring.
At such time as the printing device host identification information is altered, the printing device administrator must takes such steps as suspending use of the electronic certificate, submitting a request for a new electronic certificate, and updating the electronic certificate. It will also be necessary, however, for the administrator to actively perform a manual check to identify the mismatch between the host identification information and the electronic certificate printing device identification information. Moreover, if the administrator forgets to process submitting a request for a new electronic certificate or updating the electronic certificate, there is an additional risk that these checks may be delayed, and illicit certificates may continue to be issued and used. Added to this are increased administrative costs for reissuing of certificates every time host identification information changes, owing to the necessity for administrators or others traditionally to manually perform certificate reissuing procedures even when a mismatch is identified.